Understanding Cyber Threats Module-02


Module 2: Phishing & Business Email Compromise (BEC)


What is Phishing?

Phishing is a trick used by hackers to steal your information by pretending to be someone you trust. They send fake emails, text messages, or calls to get you to:

  • Click on a bad link
  • Give away your username and password
  • Download a harmful file

Phishing can happen through:

  • Email – Fake messages from banks, tech support, or even your workplace
  • SMS (Smishing) – Fake text messages with scam links
  • Phone Calls (Vishing) – Scammers pretending to be customer support or a company

How to Spot Phishing Emails

🔹 Suspicious Sender

  • The email is from an unknown or weird address.
  • The name may look familiar, but the email address is slightly different.

🔹 Urgency & Fear Tactics

  • “Your account will be closed if you don’t act now!”
  • “You’ve won a prize! Click here to claim it.”
  • “Your password was compromised, reset it now.”

🔹 Weird Links & Attachments

  • Hover over the link without clicking. If the address it points to looks strange or differs from the text shown, don’t click it.
  • Attachments may contain malware that can infect your device.

🔹 Bad Grammar & Spelling Errors

  • Legitimate companies have professional emails. If there are many mistakes, it’s likely fake.

🔹 Requests for Personal Information

  • No real company will ask you for your password, credit card number, or personal details by email.
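As an added example (not part of the original module), the small Python checker below applies four of the red flags above to a raw email: a familiar display name on a lookalike address, urgency wording, link text that names one site while the link points elsewhere (the "hover" check), and a request for secrets. The allowlist, domains and sample message are constructed for illustration only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist: display names your organisation expects, and their real domains.
KNOWN_SENDERS = {"example bank": "examplebank.com"}
URGENCY = ("act now", "account will be closed", "you've won", "reset it now", "compromised")
SECRETS = ("password", "credit card")
# Simplified <a href="...">text</a> extraction; enough for the sample, not a full HTML parser.
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def _host(s: str) -> str:
    """Hostname of a URL or of bare link text such as 'www.bank.com/login'."""
    return (urlparse(s if "://" in s else "//" + s.strip()).hostname or "").lower()

def phishing_indicators(raw: str) -> list:
    """Return the red flags from the checklist above that fire on one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    flags = []
    # 1. Suspicious sender: familiar display name, but the address domain is not the real one.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.rsplit("@", 1)[-1].lower() != expected:
        flags.append(f"lookalike sender: '{name}' but address is {addr}")
    # 2. Urgency and fear wording in subject or body.
    hit = next((p for p in URGENCY if p in text), None)
    if hit:
        flags.append(f"urgency phrase: '{hit}'")
    # 3. The 'hover' check: visible link text names one site, the href goes elsewhere.
    for href, shown in LINK_RE.findall(body):
        if _host(shown) and _host(href) and _host(shown) != _host(href):
            flags.append(f"link text shows {_host(shown)} but points to {_host(href)}")
    # 4. Request for secrets a real company would never ask for by email.
    if any(s in text for s in SECRETS):
        flags.append("asks for a password or card details")
    return flags

# Constructed sample message that trips every check above.
SAMPLE = """From: Example Bank <security@examp1ebank-login.example>
Subject: Your account will be closed
Content-Type: text/html

<p>Your password was compromised, reset it now:</p>
<a href="http://examp1ebank-login.example/verify">www.examplebank.com/login</a>
"""
```

Running `phishing_indicators(SAMPLE)` returns all four flags, while a plain statement notice from the real domain returns an empty list; a mail gateway would feed it each inbound message the same way.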

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a type of phishing attack where hackers target businesses by pretending to be an important person, such as a CEO, manager, or vendor.

How BEC Attacks Work

  1. Hackers study the company – They gather information about employees and business operations.
  2. They send fake emails from a “trusted” source – They impersonate a boss, co-worker, or supplier.
  3. They request money transfers or sensitive data – The email may ask employees to send money or reveal company secrets.

Common Types of BEC Scams

  • CEO Fraud – Hackers pretend to be the CEO or boss and ask employees to transfer money.
  • Vendor Scam – They impersonate a supplier and send fake invoices.
  • Payroll Scam – They trick HR into changing direct deposit details to steal salaries.

How to Protect Yourself from Phishing & BEC

  • Check the Sender – Verify that the email address is correct. Contact the sender directly if unsure.
  • Think Before You Click – Hover over links to see where they lead before clicking.
  • Don’t Open Suspicious Attachments – If you didn’t expect an attachment, don’t download it.
  • Never Share Personal or Financial Info – Companies will never ask for passwords via email.
  • Use Multi-Factor Authentication (MFA) – Even if hackers steal your password, MFA can stop them.
  • Verify Requests for Money or Sensitive Info – Call or meet in person to confirm before transferring money.
  • Report Suspicious Emails – If you receive a phishing email, report it to IT or security teams.


What to Do If You Fall for Phishing?

1️⃣ Change Your Password Immediately – Use a strong and unique password.
2️⃣ Enable Multi-Factor Authentication (MFA) – This adds an extra layer of security.
3️⃣ Scan Your Device for Malware – If you downloaded a file, run a security scan.
4️⃣ Notify IT or Your Bank – If you shared sensitive information, report it right away.
5️⃣ Warn Others – Let co-workers or friends know about the scam.